Cisco Nexus Dashboard Vulnerability Lets Attackers Read Arbitrary Files

Cisco Nexus Dashboard Fabric Controller is a network management platform for all NX-OS-enabled devices. It enables data center operation teams to perform deep-dive troubleshooting and maintenance operations. 

A new vulnerability has been discovered in the Out-of-band (OOB) Plug and Play (PnP) feature of the Cisco Nexus Dashboard Fabric Controller (NDFC).

This vulnerability allows an unauthenticated remote threat actor to read arbitrary files on the affected devices.

Cisco has patched this vulnerability and released a security advisory to address it. The vulnerability has been assigned CVE-2024-20348, with a severity of 7.5 (High).

Vulnerability Analysis – CVE-2024-20348

According to the reports shared with Cyber Security News, this vulnerability exists due to an unauthenticated provisioning web server, which a threat actor can exploit by sending direct web requests to the server.

If exploitation is successful, the threat actor can read sensitive files in the PnP container, which can then be used to carry out further attacks on the PnP infrastructure. Cisco has stated that there are no workarounds that mitigate this vulnerability.

Products affected by this vulnerability include NDFC Release 12.1.3b with a default configuration.

The Cisco Nexus Dashboard that hosts NDFC is deployed as a cluster in which each service node is connected to both the data network and the management network.

The scope of this vulnerability is limited to the data network interfaces; the management interfaces are not impacted. There has been no evidence of threat actors exploiting this vulnerability in the wild.

Fixed In Release

Cisco NDFC Release | First Fixed Release
12.1.2 and earlier | Not vulnerable.
12.1.3 | Migrate to a fixed release.
12.2.11 | Not vulnerable.

It is recommended that users of the Cisco Nexus Dashboard upgrade to the latest version to prevent threat actors from exploiting this vulnerability.

Eswar

Eswar is a cyber security reporter with a passion for creating captivating and informative content. With years of experience in cyber security, he reports on data breaches, privacy and APT threats.
